30465 matches found
GHSA-5VRP-638W-P8M2 Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Impact This XSS vulnerability is about the system configs design/header/welcome design/header/logosrc design/header/logosrcsmall design/header/logoalt They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases. But because of previously...
CVE-2024-41676
Magento-lts is a long-term support alternative to Magento Community Edition CE. This XSS vulnerability affects the design/header/welcome, design/header/logosrc, design/header/logosrcsmall, and design/header/logoalt system configs.They are intended to enable admins to set a text in the two cases,...
AZL-47489 CVE-2024-41038 affecting package kernel for versions less than 6.6.43.1-7
In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the...
PT-2024-6666
Name of the Vulnerable Software and Affected Versions: Qualcomm Multiple Chipsets affected versions not specified Description: The issue is related to a use-after-free vulnerability in the Digital Signal Processor DSP service of Qualcomm chipsets, which can lead to memory corruption while...
WordPress FluentForm Plugin <= 5.1.19 is vulnerable to Cross Site Scripting (XSS)
Software FluentForm Type Plugin Vulnerable versions = 5.1.19 Fixed in 5.1.20 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6520 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8737e12493c8 Credits Joel Indra Yoel Indra...
CVE-2024-41670 PayPal Official Module for PrestaShop has Improperly Implemented Security Check for Standard
In the module "PayPal Official" for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during the capture of a payment in case of disable...
CVE-2024-3938
The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a...
CVE-2024-3938
The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a...
CVE-2024-41800
Craft CMS 5 is affected by a TOTP re-use vulnerability. Versions 5.0.0-beta.1 through 5.2.2 allow an attacker who knows the victim’s credentials to resubmit a valid TOTP token within its validity period and establish an authenticated session. The issue has been patched in Craft 5.2.3; users shoul...
CVE-2024-41800 Craft CMS Allows TOTP Token To Stay Valid After Use
Craft is a content management system CMS. Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This h...
CVE-2024-41800 Craft CMS Allows TOTP Token To Stay Valid After Use
Craft is a content management system CMS. Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This h...
PT-2024-5257 · Amazon · Aws S3
Name of the Vulnerable Software and Affected Versions: Open edX Platform versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper Description: The issue is related to inadequate access control in the Open edX Platform, specifically with the AWS S3 Bucket Handler component. This may all...
PT-2024-29491 · Vnote · Vnote
Name of the Vulnerable Software and Affected Versions: VNote versions 3.18.1 and prior Description: A Cross-Site Scripting XSS vulnerability has been identified in the Markdown rendering functionality of the VNote note-taking application. This issue allows the injection and execution of arbitrary...
Photon OS 5.0: Curl PHSA-2023-5.0-0054
An update of the curl package has been released. File data PhotonOSPHSA-2023-50-0054curl.nasl...
PT-2024-37849 · WordPress · Social Auto Poster
Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue is related to Stored Cross-Site Scripting via the mapTypes parameter in the 'wpw auto poster map wordpress post type' AJAX function due to...
Photon OS 3.0: Nxtgn PHSA-2023-3.0-0606
An update of the nxtgn package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0606. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 3.0: Imagemagick PHSA-2022-3.0-0449
An update of the ImageMagick package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0449. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 3.0: Sqlite PHSA-2024-3.0-0712
An update of the sqlite package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0712. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 3.0: Pkg PHSA-2022-3.0-0507
An update of the pkg package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0507. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid20395...
Photon OS 3.0: Nginx PHSA-2023-3.0-0606
An update of the nginx package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0606. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...